Title: NAI VirusScan Update Vulnerability
Severity: INFO
Description:
A vulnerability in Network Associates VirusScan for Windows NT stops it from updateting the virus signature definition files under certain conditions while it reports that it is up to date.
NAI's VirusScan features an option that allows the virus signature file to be updates automatically via FTP. A race condition in the code stops the program from correctly updating the definition file yet it fails to notice this error and updates the log as if the file was sucessufully updated and any subsequent updates will inform the user they are up to date. The error cannot be reproduced consistently.
To check that the file is being updated correctly go to the About box fromt he AntiVirus Console and read the latest date next to the text "Created On". If this date does not change after a manual or automatic update you are vulnerable.
Affected Products:
- Network Associates VirusScan for Windows NT 4.0.2
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
